Your message dated Sat, 10 Mar 2018 23:17:09 +0000
with message-id <e1eunjh-000gmo...@fasolo.debian.org>
and subject line Bug#887413: fixed in isc-dhcp 4.3.5-3+deb9u1
has caused the Debian Bug report #887413,
regarding isc-dhcp: CVE-2017-3144: dhcp: omapi code doesn't free socket 
descriptors when empty message is received allowing denial-of-service
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
887413: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=887413
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: isc-dhcp
Version: 4.3.1-6
Severity: important
Tags: security upstream

Hi,

the following vulnerability was published for isc-dhcp.

CVE-2017-3144[0]:
|dhcp: omapi code doesn't free socket descriptors when empty message is
|received allowing denial-of-service

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-3144
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3144
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1522918
[2] https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commit;h=1a6b62fe17a42b00fa234d06b6dfde3d03451894

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: isc-dhcp
Source-Version: 4.3.5-3+deb9u1

We believe that the bug you reported is fixed in the latest version of
isc-dhcp, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 887...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated isc-dhcp package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 03 Mar 2018 17:27:05 +0100
Source: isc-dhcp
Binary: isc-dhcp-server isc-dhcp-server-ldap isc-dhcp-common isc-dhcp-dev isc-dhcp-client isc-dhcp-client-ddns isc-dhcp-client-udeb isc-dhcp-relay
Architecture: source
Version: 4.3.5-3+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Debian ISC DHCP maintainers <pkg-dhcp-de...@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 887413 891785 891786
Description: 
 isc-dhcp-client - DHCP client for automatically obtaining an IP address
 isc-dhcp-client-ddns - Dynamic DNS (DDNS) enabled DHCP client
 isc-dhcp-client-udeb - ISC DHCP Client for debian-installer (udeb)
 isc-dhcp-common - common manpages relevant to all of the isc-dhcp packages
 isc-dhcp-dev - API for accessing and modifying the DHCP server and client state
 isc-dhcp-relay - ISC DHCP relay daemon
 isc-dhcp-server - ISC DHCP server for automatic IP address assignment
 isc-dhcp-server-ldap - DHCP server that uses LDAP as its backend
Changes:
 isc-dhcp (4.3.5-3+deb9u1) stretch-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Plugs a socket descriptor leak in OMAPI (CVE-2017-3144) (Closes: #887413)
   * Corrected refcnt loss in option parsing (CVE-2018-5733) (Closes: #891785)
   * Correct buffer overrun in pretty_print_option (CVE-2018-5732)
     (Closes: #891786)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
